General

  • Target

    b7ab91889289babcced64e9acb2394a0N

  • Size

    4.8MB

  • Sample

    240913-12nvvssdlh

  • MD5

    b7ab91889289babcced64e9acb2394a0

  • SHA1

    74e4096979036cc9bae821746966bcea0a666f2a

  • SHA256

    2d209a6330260b7b7e55ccce687dd89f934efb3c892e4153eb74102d0faaced2

  • SHA512

    dcdb58503b7bced0f025430cc010c51604216bf0867370111d4e3cbfacd95e0e87219649742fcea45f3ce475d91c34d438b2d9ee6d49ffcbfd4457699a70bb79

  • SSDEEP

    98304:z9/9FHn51DY7VLm2/QvMMFJ7wbz9VtUl9rv:z9fHn6X/QBFUV8r

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla payload

    • Looks for VirtualBox Guest Additions in registry

    • Looks for VMWare Tools registry key

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.
